Multiple computer system for operating a power plant turbine with manual backup capability

ABSTRACT

The electric power plant including a steam generator and a steam turbine is operated by a control system including two redundant digital computers. Switching circuitry is provided for coupling one of the computers through interface equipment to the steam generator and the turbine and a generator according to programmed computer control. A data link is established between the computers to transfer manual/automatic status and other needed data from the control computer to the standby computer. A system is provided for detecting when certain hardware and software malfunctions have occurred and for responsively transferring control to the standby computer. The standby computer is tracked to the control computer so that control computer transfer can be made reliably without disturbing the electric power generation process. Manual backup controls are provided for the steam generator and the steam turbine and the system is organized to transfer particular or all control loops to manual operation manually under operator selection or automatically in response to the existence of certain conditions. The capability for transfer to manual control is interfaced with the computer transfer system.

Davis et al.

Aug. 5, 1975

[75] Inventors: Guy E. Davis, Martinez, Calif.; Ray C. Hoover, Murrysville; William D. Ghrist, III, Washington, both of Pa.

[73] Assignee: Westinghouse Electric Corporation, Pittsburgh, Pa.

[22] Filed: Nov. 6, 1973

[21] Appl. No.: 413,271

[52] U.S. Cl.: 235/151.21; 444/1; 290/40 R;

[51] Int. Cl.: Fld 17/02; Gb /00; G06f 15/06

[58] Field of Search: 235/151.21, 151.3, 151;

[56] References Cited

UNITED STATES PATENTS

3,552,872 1/1971 Giras et al. 415/17
3,555,251 1/1971 Shavit 235/151
3,561,216 2/1971 Moore, Jr. 60/73
3,564,273 2/1971 Cockrell 415/17 X
3,588,265 6/1971 Berry 415/17 X

OTHER PUBLICATIONS

Application of the Prodac 50 System to Direct Digital Control, J. C. Belz, G. J. Kirk & P. S. Radcliffe, IEEE Intl. Conv. Rec. Part 3, 1965, pp. 102-122.

Monitoring and Automatic Control in Steam Power Stations by Process Computer, E. Doetsch & G. Hirschberg, Siemens Review XXXV (1968), No. 12, pp. 471-476.


17 Claims, 41 Drawing Figures

U.S. Patent 3,898,441, patented Aug. 5, 1975.

[Drawing sheets omitted. Legible figure labels: FIG. 1B, FIG. 8, FIG. 9, FIG. 10, FIG. 12. Legible panel text includes "P2000-1 IN CONTROL (READ MODE), P2000-2 TRACKING" and "P2000-2 IN CONTROL (WRITE MODE), P2000-1 TRACKING".]

1. A control system for an electric power plant having at least one steam turbine and a steam generator, said control system comprising multiple digital computers including at least a first digital computer and a second digital computer, means for generating input signals representing predetermined process variables associated with said steam generator, means for generating input signals representing predetermined process variables associated with said steam turbine, means for coupling the input signals to both of said computers, each of said computers including substantially identical means for generating control outputs for operating controllable elements of said steam generator and throttle and governor valves of said steam turbine as a function of the input signals, means for sensing predetermined control system malfunctions, means for coupling the outputs of one of said computers to operate the steam generator controllable elements and turbine valves, means for substantially conforming the structure of the other computer to the structure of said one computer in real time including means for generating control outputs in the other computer substantially equal to those from said one computer, means for executing a transfer in the control of the steam generator and the turbine from said one computer to said other computer substantially without disturbing the power generation when said sensing means detects a control system malfunction, means for manually controlling the steam generator controllable elements, means for manually controlling the steam turbine valves, and means for transferring control to said manual control means when both of said computers have malfunctioned.
 2. A control system as set forth in claim 1 wherein means are provided for generating operator manual/automatic mode select signals and means are provided for coupling the operator select signals to said computers and said manual control means to implement the operator mode selection signals.
 3. A control system as set forth in claim 1 wherein means are provided for generating a signal when the computer in control fails, a timing circuit is provided for generating a signal a predetermined amount of delay time after the computer fail signal is generated and a computer transfer has been initiated if the computer coming into control has not generated a signal indicating the transfer has been completed and the turbine has not returned to automatic control, and means for transferring the control of the turbine from the computer coming into control to the turbine manual control if the timing circuit signal is generated.
 4. A control system as set forth in claim 3 wherein means are provided for generating operator manual/automatic mode select signals and means are provided for coupling the operator select signals to said computers and said manual control means to implement the operator mode selection signals.
 5. A control system as set forth in claim 3 wherein said other computer includes tracking controls for conforming predetermined ones of its control outputs to like outputs of said one computer, and the time delay is sufficient to allow the tracked control loops in said other computer to return to automatic control after a transfer to the other computer under normal operating conditions.
 6. A control system as set forth in claim 1 wherein said structure conforming means includes an intercomputer data link and said malfunction sensing means detects data link malfunctions, and said computers include means for inhibiting a return to automatic computer control and instituting manual control when a computer transfer is initiated after a data link malfunction.
 7. A plant for generating electric power comprising at least a steam generator and a steam turbine, a plurality of throttle and governor valves for directing steam from said steam generator to said turbine, and a control system having at least a first digital computer and a second digital computer, means for generating input signals representing predetermined process variables associated with said steam generator, means for generating input signals representing predetermined process variables associated with said steam turbine, means for coupling the input signals to both of said computers, each of said computers including substantially identical means for generating control outputs for operating controllable elements of said steam generator and throttle and governor valves of said steam turbine as a function of the input signals, means for sensing predetermined control system malfunctions, means for coupling the outputs of one of said computers to operate the steam generator controllable elements and turbine valves, means for substantially conforming the structure of the other computer to the structure of said one computer in real time including means for generating control outputs in the other computer substantially equal to those from said one computer, means for executing a transfer in the control of the steam generator and the turbine from said one computer to said other computer substantially without disturbing the power generation when said sensing means detects a control system malfunction, means for manually controlling the steam generator controllable elements, means for manually controlling the steam turbine valves, and means for transferring control to said manual control means when both of said computers have malfunctioned.
 8. An electric power plant as set forth in claim 7 wherein means are provided for generating a signal when the computer in control fails, a timing circuit is provided for generating a signal a predetermined amount of delay time after the computer fail signal is generated and a computer transfer has been initiated if the computer coming into control has not generated a signal indicating the transfer has been completed and the turbine has not returned to automatic control, and means for transferring the control of the turbine from the computer coming into control to the turbine manual control if the timing circuit signal is generated.
 9. A steam turbine system operative to receive motive steam and drive an electric generator and produce electric power, said turbine comprising a plurality of turbine sections, a plurality of throttle and governor valves for directing steam through said turbine sections, and a control system including multiple digital computers including at least a first digital computer and a second digital computer, means for generating input signals representing predetermined process variables associated with said steam turbine, means for coupling the input signals to both of said computers, each of said computers including substantially identical means for generating control outputs for operating said throttle and governor valves of said steam turbine as a function of the input signals, means for sensing predetermined control system malfunctions, means for coupling the outputs of one of said computers to operate said steam turbine valves, means for substantially conforming the structure of the other computer to the structure of said one computer in real time including means for generating control outputs in the other computer substantially equal to those from said one computer, and means for executing a transfer in the control of the steam turbine from said one computer to said other computer substantially without disturbing the power generation when said sensing means detects a control system malfunction, means for manually controlling the steam generator controllable elements, means for manually controlling the steam turbine valves, and means for transferring control to said manual control means when both of said computers have malfunctioned.
 10. A steam turbine system as set forth in claim 9 wherein said structure conforming means includes an intercomputer data link and said malfunction sensing means detects data link malfunctions, and said computers include means for inhibiting a return to automatic computer control and instituting manual control when a computer transfer is initiated after a data link malfunction.
 11. A steam turbine system as set forth in claim 9 wherein means are provided for generating operator manual/automatic mode select signals and means are provided for coupling the operator select signals to said computers and said manual control means to implement the operator mode selection signals.
 12. A steam turbine system as set forth in claim 9 wherein means are provided for generating a signal when the computer in control fails, a timing circuit is provided for generating a signal a predetermined amount of delay time after the computer fail signal is generated and a computer transfer has been initiated if the computer coming into control has not generated a signal indicating the transfer has been completed and the turbine has not returned to automatic control, and means for transferring the control of the turbine from the computer coming into control to the turbine manual control if the timing circuit signal is generated.
 13. A steam turbine as set forth in claim 12 wherein said other computer includes tracking controls for conforming its predetermined ones of control outputs to like outputs of said one computer, and the time delay is sufficient to allow the tracked control loops in said other computer to return to automatic control after a transfer to the other computer under normal operating conditions.
 14. A turbine operative to drive a generator and produce electric power, said turbine comprising a rotor structure coupled to the generator and driven by motive fluid, means for controlling the flow of turbine motive fluid, and a control system including multiple digital computers including at least a first digital computer and a second digital computer, means for generating input signals representing predetermined process variables associated with said turbine, means for coupling the input signals to both of said computers, each of said computers including substantially identical means for generating control outputs for operating said flow controlling means of said turbine as a function of the input signals, means for sensing predetermined control system malfunctions, means for coupling the outputs of one of said computers to operate said flow controlling means, means for substantially conforming the structure of the other computer to the structure of said one computer in real time including means for generating control outputs in the other computer substantially equal to those from said one computer, and means for executing a transfer in the control of the turbine from said one computer to said other computer substantially without disturbing the power generation when said sensing means detects a control system malfunction, means for manually controlling the steam generator controllable elements, means for manually controlling the steam turbine valves, and means for transferring control to said manual control means when both of said computers have malfunctioned.
 15. A turbine as set forth in claim 14 wherein means are provided for generating a signal when the computer in control fails, a timing circuit is provided for generating a signal a predetermined amount of delay time after the computer fail signal is generated and a computer transfer has been initiated if the computer coming into control has not generated a signal indicating the transfer has been completed and the turbine has not returned to automatic control, and means for transferring the control of the turbine from the computer coming into control to the turbine manual control if the timing circuit signal is generated.
 16. A method for operating an electric power plant having at least a steam generator and a steam turbine and a control system which includes at least two digital computers, the steps of said method comprising generating input signals representing predetermined process variables associated with said steam generator, generating input signals representing predetermined process variables associated with said steam turbine, coupling the input signals to both of said computers, operating said computers with substantially identical programs to generate control outputs for operating controllable elements of said steam generator and throttle and governor valves of said steam turbine, sensing predetermined control system malfunctions, coupling the outputs of one of said computers to operate the steam generator and controllable elements and turbine valves, substantially conforming the structure of the other computer to that of the one computer in real time including generating control outputs in the other computer substantially equal to those from said one computer, and executing a transfer in the control of the steam generator and the turbine from said one computer to said other computer substantially without disturbing the power generation when a control system malfunction is detected, manually controlling the steam generator controllable elements and the steam turbine valves when both of said computers have malfunctioned.
 17. A control system for a boiler comprising multiple digital computers including at least a first digital computer and a second digital computer, means for generating input signals representing predetermined process variables associated with said boiler, means for coupling the input signals to both of said computers, each of said computers including substantially identical means for generating control outputs for operating controllable elements of said boiler as a function of the input signals, means for sensing predetermined control system malfunctions, means for coupling the outputs of one of said computers to operate the boiler controllable elements, means for substantially conforming the structure of the other computer to the structure of said one computer in real time including means for generating control outputs in the other computer substantially equal to those from said one computer, and means for executing a transfer in the control of the boiler from said one computer to said other computer substantially without disturbing the boiler process when said sensing means detects a control system malfunction, means are provided for generating a signal when the computer in control fails, a timing circuit is provided for generating a signal a predetermined amount of delay time after the computer fail signal is generated and a computer transfer has been initiated if the computer coming into control has not generated a signal indicating the transfer has been completed and the boiler has not returned to automatic control and means for transferring the control of the boiler from the computer coming into control to the boiler manual controls.
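
The transfer rules recited in claims 1, 3 and 6, sketched as a small state machine. This is an added example, not code from the patent; the class, field and function names, the one-second scan interval and the 5-second delay are assumptions, and retransfer to the first computer or back out of manual is not modelled.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    FIRST = "first computer in control"
    SECOND = "second computer in control"
    MANUAL = "manual backup in control"

@dataclass
class Scan:
    """One pass over the malfunction-sensing inputs (field names are assumed)."""
    t: float                     # seconds since start
    first_ok: bool = True
    second_ok: bool = True
    link_ok: bool = True         # intercomputer data link healthy
    transfer_done: bool = False  # incoming computer reports transfer complete
    turbine_auto: bool = False   # turbine loops back on automatic

class TransferArbiter:
    def __init__(self, delay_s: float):
        self.delay_s = delay_s   # claim 3 delay; the value is an assumption
        self.mode = Mode.FIRST
        self.deadline = None     # armed while a computer transfer is pending
        self.link_bad = False    # link state last seen while FIRST was healthy

    def step(self, s: Scan) -> Mode:
        if self.mode is Mode.MANUAL:
            return self.mode     # leaving manual is an operator action
        if self.mode is Mode.FIRST:
            if s.first_ok:
                self.link_bad = not s.link_ok
            elif not s.second_ok or self.link_bad:
                # Claim 1: both computers failed. Claim 6: the standby could
                # not track over a failed link, so automatic is inhibited.
                self.mode = Mode.MANUAL
            else:
                self.mode = Mode.SECOND
                self.deadline = s.t + self.delay_s
        elif not s.second_ok:
            self.mode = Mode.MANUAL           # second computer failed in control
        elif self.deadline is not None:
            # Claim 3 wording: the timer fires only if neither signal appeared.
            if s.transfer_done or s.turbine_auto:
                self.deadline = None          # transfer settled, timer disarmed
            elif s.t >= self.deadline:
                self.mode = Mode.MANUAL       # timing circuit signal generated
        return self.mode

def run(scans, delay_s=5.0):
    """Return the mode name after each scan."""
    arb = TransferArbiter(delay_s)
    return [arb.step(s).name for s in scans]

# Constructed scenarios, one scan per second.
CLEAN = [Scan(0), Scan(1), Scan(2, first_ok=False),
         Scan(3, first_ok=False, transfer_done=True, turbine_auto=True)]
STALLED = [Scan(0)] + [Scan(t, first_ok=False) for t in range(1, 8)]
LINK_LOST = [Scan(0), Scan(1, link_ok=False), Scan(2, first_ok=False, link_ok=False)]
```

`run(STALLED)` shows the case the timing circuit exists for: the second computer takes over but never reports completion, so control drops to manual once the delay expires.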